It's likely that the breach took place on June 24, 2012

Jul 13, 2012 06:44 GMT

Yahoo! has confirmed that the 450,000 email addresses and passwords leaked by hackers from D33Ds Company were indeed taken from its servers.

“We confirm that an older file from Yahoo! Contributor Network (previously Associated Content) containing approximately 450,000 Yahoo! and other company users names and passwords was compromised yesterday, July 11. Of these, less than 5% of the Yahoo! accounts had valid passwords,” the company said in a statement.

“We are taking immediate action by fixing the vulnerability that led to the disclosure of this data, changing the passwords of the affected Yahoo! users and notifying the companies whose users accounts may have been compromised. We apologize to all affected users.”

Yahoo! also encourages its customers to check out its safety tips page and deploy additional Yahoo! Account Security features.

In the meantime, the hackers – most likely from Romania – have been quiet. One of their last tweets, posted on July 11, mentioned that the Yahoo! subdomain they breached was still vulnerable to SQL Injection attacks.

There is one more noteworthy thing about the Yahoo! hack. As security researcher Janne Ahlberg highlights, the data leak contains a timestamp: 1340563325.

If converted into a calendar date, it reads June 24, 2012, 18:42:05 GMT. This may be the date and the approximate time when the breach took place.

After learning that Yahoo! was hacked, security experts analyzed the leaked passwords. ESET found that 1,666 passwords were the classic “123456.”

Other popular ones appear to be “password”, “welcome”, “ninja”, “abc123” and “123456789.”

As far as the domains used for the email addresses go, yahoo.com is the most popular with 137,556, followed by gmail.com with 106,869, hotmail.com with 55,147, and aol.com with 25,520.

Other email accounts from the leak are registered at comcast.net, msn.com, sbcglobal.net, live.com, verizon.net, bellsouth.net and cox.net.

Even more interesting is the fact that 1,870 addresses end with .edu, 93 with .gov, and 81 are hosted on .mil domains.